If you do not wish to record data entered into input fields on your website or app, you can instruct Mouseflow to not track (i.e. mask) keystrokes. For example, this can be a form where users often type in their information that may contain personal data.

When keystroke tracking is disabled, the exclusion happens locally before any data is sent to Mouseflow, and applies to any and all input fields on your website or app. Additionally, the information users type in is replaced by asterisks (*) in Heatmaps and during Recording playback but Mouseflow will still count the number of user interactions with each input field and allow you to build Form reports.

How to Disable Keystrokes

  1. Navigate to the Settings for your domain project

  2. Open the Privacy Settings panel

  3. Toggle 'Disable Keystrokes' to 'Yes'

  4. Don't forget to save your changes


Why am I unable to interact with the toggle?

This setting is enabled by default (i.e. keystrokes are masked) and cannot be disabled for all:

  • EU-based (EEA & UK) accounts (due to GDPR)

  • EU-based (EEA & UK) visitors to any website (due to GDPR)

  • California-based US visitors to any website (due to CCPA)

  • Brazil-based visitors to any website (due to LGDP)

  • South Africa-based visitors to any website (due to POPIA)

As of November 2022, this setting is also enabled by default for all newly created Mouseflow accounts and all their visitors, and cannot be disabled.

Does this setting apply to all page elements that contain personal data?

The 'Disable Keystrokes' setting is only applicable to input fields on your website or app. You need to exclude manually other types of page elements that may contain personal data using our Visual Privacy Tool, Settings, or via code. For example, this may be relevant to you if personal information users type in one form (e.g. shipping details) is displayed as text when they move to the next step (e.g. order confirmation) to complete a certain process (e.g. checkout).

Does this setting apply retrospectively?

Nope! Mouseflow will only be able to prevent the recording of keystrokes from your website or app after the 'Disable Keystrokes' setting has been enabled. Recordings that had the keystrokes recorded (unmasked) prior to this change will still contain input field data and will not be changed retrospectively.

What happens if I exclude any input fields manually?

If you exclude input fields manually (using our Visual Privacy Tool, Settings, or via code), Mouseflow will not only mask keystrokes in Heatmaps and during Recording playback - but will also stop counting the number of user interactions with such input fields entirely and no longer allow you to see conversions in Form reports for such.

What happens if I whitelist any input fields?

With the 'Disable Keystrokes' setting enabled, you may be able to whitelist some input fields (using our Visual Privacy Tool or Settings) if you are certain they don't contain any personal data. But in some cases, Mouseflow's built-in exclusion will override any whitelisting done on your end. For example, you can whitelist your website's search bar but you cannot whitelist the users' credit card numbers and passwords.


You can read more about Mouseflow's Privacy Settings here.

Did this answer your question?